Questions & Answers

Security & privacy (Beveiliging & privacy)

Svhost.exe application error, annoying problem. (hjt log)

29 replies
  • For a few weeks now I have been having the following problem: first, during or just after Windows starts up, an Application Error appears: "Svhost.exe Application Error The instruction at 0x745f2780 referenced memory at ‘0x00000000’ The memory could not be read." Almost immediately afterwards this error follows: "Generic Hostprocess for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience". There is a lot to be found online about the Generic Hostprocess etc. I have of course applied the Microsoft patch, scanned for viruses in all kinds of ways and updated all my HP printer and photo drivers. Unfortunately, no real solution. It does not always go the same way; the effect of the error message is sometimes worse than at other times. Sometimes I can simply carry on working, but other times applications such as iexplore or Outlook no longer start. I have: OS Name Microsoft Windows XP Professional, Version 5.1.2600 Service Pack 2 Build 2600, Pentium 4 3.06Ghz, 1024 MB memory. Does anyone have a solution for this? Thanks
  • Is it svchost (correct), or svhost (wrong, malware?)? You could also test your memory with memtest.
  • It is svchost.exe, but I thought I had also seen svhost go by... hmmm
  • To be on the safe side, make a HijackThis log. http://www.processlibrary.com/directory/files/svhost/
  • Thanks Gerben, but I can't quite figure out how to make that HijackThis log. I followed your links and was taken to a site that does say something about svhost, but then offers Registry Booster. I bought it and it did find a few things, but I don't see the HijackThis log. Can you point me in the right direction? Thanks
  • I saw some links about too much software starting up at boot. In my case that is indeed a lot, and for some of it I really don't know what it is for (AIDA 32). Can you tell me how I can stop it? I read, among other things, that some HP tools can cause this problem, and those are in there. Thanks
  • That link was only to clarify svhost. HijackThis is free; you can download it here: http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/HijackThis.shtml Start the program after installation and click "Do a system scan and save a log file". Then paste its contents here. You can check what unnecessary software is installed in the Control Panel (Software / Add or Remove Programs). Software that starts automatically can be reviewed well with StartupCPL (also freeware). http://www.mlin.net/StartupCPL.shtml
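The svchost/svhost question raised above can also be checked mechanically against the "Running processes" section of a HijackThis log. This is an added example, not part of the original thread or of HijackThis itself; the sample log is constructed, and the baseline (SystemRoot at C:\WINDOWS, the listed core processes and their folders) is an assumption for a default Windows XP install.

```python
import ntpath
import re

# Assumed baseline for a default Windows XP install: the folder each
# core system process is expected to run from (lower-cased).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# HijackThis entry lines start with a section code such as "R0 - " or "O4 - ".
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\svhost.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [svhost] C:\WINDOWS\system32\svhost.exe
"""


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    procs, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes:"):
            in_section = True
            continue
        if in_section:
            if ENTRY_RE.match(line):  # first R*/O* entry ends the process list
                break
            if line:
                procs.append(line)
    return procs


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss names such as svhost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review(log_text, max_distance=1):
    """Flag system-process names in the wrong folder and lookalike names."""
    findings = []
    for path in running_processes(log_text):
        folder, name = ntpath.split(path.lower())
        if name in EXPECTED_DIR:
            # Correct name: only the location can be wrong.
            if folder != EXPECTED_DIR[name]:
                findings.append(("unexpected-folder", path, name))
            continue
        # Different name: is it one typo away from a core process name?
        for known in EXPECTED_DIR:
            if edit_distance(name, known) <= max_distance:
                findings.append(("lookalike-name", path, known))
                break
    return findings


if __name__ == "__main__":
    for kind, path, ref in review(SAMPLE_LOG):
        print(f"{kind}: {path} (compare with {ref})")
```

A finding is a reason to look at the file more closely, not a verdict; an empty result does not show the machine is clean.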
  • Thanks Gerben, here is the log file. That's quite a lot, isn't it? Thanks in advance.
  • Just moved this to B&P.
  • What is B&P? Do I need to do something or??
  • Firebird wrote: "What is B&P? Do I need to do something or??" That has already been done; now just wait for the experts, who will indicate what is going on and what needs to be done.
  • Put the HJT program in its own folder: create a new folder on the C drive and unzip the HJT program into it, e.g. C:\HJT. Download Combofix (http://download.bleepingcomputer.com/sUBs/combofix.exe) to your Desktop. Double-click Combofix.exe. Follow the instructions and accept the disclaimer by typing "y" or "Y". While the fix is running, do NOT click in the window, because this will make your PC hang. When the fix has finished and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log. NOTE: If your virus scanner responds with a warning about script execution, you may ignore it. Juisterr
  • Combofix didn't run entirely well. I saw something about Destroy go by and the file is gone after the restart.. Hopefully it is still usable. Thanks in advance!
  • Start HJT again and check the lines below.
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} -
    O20 - Winlogon Notify: iexplore - 4g4r1.dll (file missing)
    Close all windows and click Fix checked.
  • I'm still being cautious, but it looks like this has worked! Thank you very much for this fantastic help!
  • :( The problem seemed to be completely gone, but it is back. Yesterday I did do a restore on a second installation of WXP on the same PC (for VIDEO). After that I did a restore to a point last week when everything was working fine, but maybe that is not enough? It is a very annoying problem. Here are the ComboFix and HijackThis files; I hope you are willing to take the time to look at them again. (I have now decoupled the two WXP installations in their restores...) My thanks and kudos in advance..

    Firebird - 06-10-14 12:38:09.00 Service Pack 2
    ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Firebird\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-14 to 2006-10-14 ))))))))))))))))))))))))))))))))))

    2006-10-01 16:47 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2006-09-20 11:19 53,248 --a------ C:\WINDOWS\CTDCRDUT.DLL
    2006-09-20 11:19 20,480 --a------ C:\WINDOWS\INRESDUT.DLL

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2006-10-14 12:27 -------- d-------- C:\Documents and Settings\Firebird\Application Data\Registry Booster
    2006-10-14 12:01 -------- d-------- C:\Program Files\SmartSync Pro
    2006-10-14 12:00 -------- d-------- C:\Program Files\Weather Pulse
    2006-10-14 11:49 -------- d-------- C:\Program Files\OfficeUpdate11
    2006-10-07 16:59 -------- d-------- C:\Program Files\Firebird
    2006-10-01 18:21 -------- d-------- C:\Program Files\CA
    2006-10-01 17:26 -------- d-------- C:\Program Files\Uniblue
    2006-10-01 16:47 -------- d-------- C:\Documents and Settings\Firebird\Application Data\WholeSecurity
    2006-09-29 15:39 -------- d-------- C:\Program Files\HP Photosmart 11
    2006-09-22 17:39 -------- d-------- C:\Program Files\PlotSoft
    2006-09-22 17:35 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-09-22 17:34 -------- d-------- C:\Program Files\Common Files
    2006-09-22 17:32 -------- d-------- C:\Program Files\Pegasys Inc
    2006-09-22 17:30 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
    2006-09-20 11:24 -------- d-------- C:\Program Files\Creative
    2006-09-20 11:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-09-19 19:03 -------- d-------- C:\Program Files\Hewlett-Packard
    2006-09-19 19:02 -------- d-------- C:\Program Files\Common Files\MAGIX Shared
    2006-09-19 19:00 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-19 18:59 -------- d-------- C:\Program Files\HP
    2006-09-19 18:59 -------- d-------- C:\Program Files\Common Files\xing shared
    2006-09-19 18:59 -------- d-------- C:\Program Files\Common Files\Real
    2006-09-19 18:41 -------- d-------- C:\Documents and Settings\Firebird\Application Data\Creative
    2006-08-30 08:35 5507 --a------ C:\Documents and Settings\Firebird\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
    2006-08-23 17:48 101376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
    2006-08-23 11:50 131072 --a--c--- C:\WINDOWS\system32\SpoonUninstall.exe
    2006-08-21 14:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-02 17:08 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
    2006-07-27 15:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 10:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-07-14 16:10 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
    2006-07-14 16:10 118784 --a------ C:\WINDOWS\system32\pdfmona.dll
    2006-07-14 10:03 74752 --a------ C:\WINDOWS\cadkasdeinst01e.exe

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather Pulse"="C:\\Program Files\\Weather Pulse\\weatherpulse.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    "SmartSync Pro"="\"C:\\Program Files\\SmartSync Pro\\SmartSync.exe\" /Logon"
    "Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"
    "SB Audigy 2 Startup Menu"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Program\\Startup Menu\\ChkColor.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "CTHelper"="CTHELPER.EXE"
    "AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
    "SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "WinVNC"="\"C:\\Program Files\\UltraVNC\\WinVNC.exe\" -servicehelper"
    "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
    "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
    "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
    "LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
      65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE"
    "HPHmon04"="C:\\WINDOWS\\system32\\hphmon04.exe"
    "HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
    "WinFaxAppPortStarter"="wfxsnt40.exe"
    "WFXSwtch"="C:\\PROGRA~1\\WinFax\\WFXSWTCH.exe"
    "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
    "SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\AutorunsDisabled]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\AutorunsDisabled\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,30,01,00,00,00,00,00,00,60,05,00,00,f8,03,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
      ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,a4,01,00,00,87,01,00,00,80,01,00,00,2e,01,\
      00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000008
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    "backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkCommon Startup"
    "location"="Common Startup"
    "item"="HotSync Manager"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Firebird^Start Menu^Programs^Startup^CPUCooL.lnk]
    "backup"="C:\\WINDOWS\\pss\\CPUCooL.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\CPUCooL\\CPUCooL.exe 1"
    "item"="CPUCooL"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iexplore

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (BRAM-Firebird).job

    Completion time: 14-10-2006 12:38:59.68
    ComboFix.txt
    -----------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 12:40:59, on 14-10-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\mgabg.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\WinFax\WFXMOD32.EXE
    C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\hphmon04.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\PROGRA~1\WinFax\WFXSWTCH.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Weather Pulse\weatherpulse.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SmartSync Pro\SmartSync.exe
    C:\WINDOWS\system32\HPHipm11.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\program files\microsoft office\OFFICE11\WINWORD.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\Downloads\Registrybooster\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://debeurs.nl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://debeurs.nl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKCU\..\Run: [Weather Pulse] C:\Program Files\Weather Pulse\weatherpulse.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SmartSync Pro] "C:\Program Files\SmartSync Pro\SmartSync.exe" /Logon
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} -
    O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: iexplore - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
    O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
    O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
  • Start HJT again and do a "system scan only", check the lines below, close all windows and click Fix checked.
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} -
    Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) to your Desktop:
    - Double-click drweb-cureit.exe and allow it to start the express scan.
    - If a popup appears offering a purchase/50% discount, you can close it with the X.
    - This will scan the files that are currently loaded in memory, and when something is found, click the Yes to all button at the question 'cure it?'. This is only a short scan.
    - Once the short scan has finished, you can select the drives you want to have scanned.
    - Select all drives here. A red dot will then appear on the drives you are having scanned.
    - Then click the green arrow on the right to start the scan.
    - Click Yes to all when you are asked to perform cure or move.
    - When the scan has finished, see whether you can click the icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    - If so, click it, then click the icon just below it and select Move incurable, as you can see here: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif This moves the files found to the "%userprofile%\DoctorWeb\quarantaine-map" if repair is not possible.
    - After the scan is done, click File in the menu at the top and choose Save report List. Save it to your Desktop.
    - Then close Dr.Web CureIt.
    - Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.
    - After restarting, copy and paste the contents of the log you saved earlier into your next post.
    And then also do the following. Download IEFix (http://windowsxp.mvps.org/utils/IEFix.zip) to your desktop. Create a new folder on your desktop (e.g. IE-Fix). Extract the files to that folder. Open the folder into which you extracted the files. Double-click IEFix.exe. You will be asked for the XP installation disc. Click Cancel at first. IEFix will re-register the DLLs. Restart your PC. Make a new HJT log and let us know whether your problem is gone.
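The entries picked out for "Fix checked" in the two replies above (O16 DPF lines with no download source, O20 Winlogon Notify lines with no usable DLL) can be found mechanically. The following is an added example, not part of the original thread and not a HijackThis feature; the rules and the severity labels are assumptions of this example, and the sample lines are copied from the two logs posted in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the two HijackThis logs posted in this thread
# (one running-process line plus a selection of O16/O18/O20/O23 entries).
SAMPLE_LOG = r'''
C:\Program Files\UltraVNC\WinVNC.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) -
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} -
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: iexplore - 4g4r1.dll (file missing)
O20 - Winlogon Notify: iexplore - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
'''

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]+?\.(?:exe|dll|ocx)", re.IGNORECASE)
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*)\))? -\s*(?P<url>\S*)$"
)
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<target>.*)$")
MISSING = "(file missing)"


@dataclass
class Finding:
    code: str       # HijackThis section code, e.g. "O20"
    severity: str   # "high", "review" or "info" (labels chosen for this example)
    reason: str
    line: str


def triage(log_text):
    """Return findings for the entry types discussed in the thread."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Image paths from the "Running processes" part of the log, lower-cased
    # so they can be compared with paths that appear in O-entries.
    running = {ln.lower() for ln in lines if PROCESS_RE.match(ln)}
    findings = []

    for ln in lines:
        m = ENTRY_RE.match(ln)
        if not m:
            continue
        code, body = m["code"], m["body"]

        if code == "O16":
            d = DPF_RE.match(body)
            if d and not d["url"]:
                # A control with neither a name nor a download source cannot
                # be traced back to any vendor; a named one can be looked up.
                if d["name"]:
                    findings.append(Finding(code, "review",
                                            "ActiveX control has no download source", ln))
                else:
                    findings.append(Finding(code, "high",
                                            "ActiveX control has no name and no download source", ln))
        elif code == "O20":
            n = NOTIFY_RE.match(body)
            if not n:
                continue
            target = n["target"]
            dll = target.replace(MISSING, "").strip()
            if MISSING in target:
                findings.append(Finding(code, "high",
                                        "Winlogon notify DLL is registered but not on disk", ln))
            elif not dll.lower().endswith(".dll"):
                findings.append(Finding(code, "review",
                                        "Winlogon notify target is not a DLL path", ln))
        elif MISSING in body:
            p = PATH_RE.search(body)
            path = p.group(0).lower() if p else None
            if path in running:
                # The same image is listed as a running process, so the
                # marker is contradicted by the log itself.
                findings.append(Finding(code, "info",
                                        "marked missing, but the image is in the running-process list", ln))
            else:
                findings.append(Finding(code, "review",
                                        "target file reported missing", ln))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.line}")
```

A finding marks a line as worth a second look; it is not a verdict, and lines without a finding (WgaLogon, HPSDDX) are simply ones that none of these rules touch.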
  • WinVNC.exe C:\Program Files\UltraVNC Program.RemoteAdmin Incurable.Will be moved after reboot.
    RegUBP2b-Firebird.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots Trojan.StartPage.1505 Deleted.
    MiniBugTransporter.dll C:\Program Files\Common Files\Real\WeatherBug Adware.Minibug Incurable.Moved.
    vncviewer.exe C:\Program Files\UltraVNC Program.RemoteAdmin Incurable.Moved.
    winvnc.exe C:\Program Files\UltraVNC Program.RemoteAdmin Incurable.Will be moved after reboot.
    A0312164.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP908 Trojan.StartPage.1505 Deleted.
    A0316244.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP910 Trojan.StartPage.1505 Deleted.
    A0322759.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP910 Trojan.StartPage.1505 Deleted.
    A0323756.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP911 Trojan.StartPage.1505 Deleted.
    A0324756.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP911 Trojan.StartPage.1505 Deleted.
    A0325755.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP911 Trojan.StartPage.1505 Deleted.
    A0329460.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP924 Trojan.StartPage.1505 Deleted.
    A0330517.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP924 Trojan.StartPage.1505 Deleted.
    A0330592.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP925 Trojan.StartPage.1505 Deleted.
    A0333225.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP925 Trojan.StartPage.1505 Deleted.
    A0334277.reg C:\System Volume Information\_restore{A58A852F-4232-4ECA-8C51-54A36581A2E5}\RP925 Trojan.StartPage.1505 Deleted.
    gogoprod.js D:\Healing and Vision OLD\Leven!\Unfinished Life_files Probably SCRIPT.Virus Incurable.Moved.
    Still checking whether it has helped. After running DrWeb CureIT the problem was still there.
  • Have you already done the IE fix as well???
  • Unfortunately SVCHOST.EXE is still crashing... :(

This is an archived page. Replying is no longer possible.